Network Monitoring & Network Forensics

See Threats Traversing Your Network

When attackers compromise the perimeter or are operating from within, you need to know. Evidence of intruders and insider threats lies within network communications. Detect network-based threats with real-time network monitoring and big data analytics. Expedite investigations by giving your incident responders access to rich network forensics data. Get the visibility you need with Network Monitor.

Advanced Threat Detection

Detect sophisticated threats, including advanced malware. Recognize data theft, botnet beaconing, inappropriate network usage, and other threats. Access centralized network behavior analytics by corroborating high-risk events observed at the network or application layers with other environmental activity observed by the SIEM.

Rapid Incident Response

Determine incident scope and understand exactly which data and systems have been compromised. Generate irrefutable network-based evidence for threat analysis, policy enforcement, and legal action. Reconstruct files transferred across networks to investigate suspected data exfiltration, malware infiltration, or unauthorized data access.

Get Started with Network Monitor Freemium

Achieve real-time network visibility across your enterprise. See the content traversing your network in rich detail. Get started with Network Monitor Freemium now.

Powerful Capabilities, Rapid Value

Due to cost and complexity, network monitoring and forensics solutions have been out of reach for many organizations. Network Monitor sensors optimally balance power with ease of use. You can deploy sensors in minutes, letting users search network session data immediately. More advanced features like Deep Packet Analytics can illuminate hard-to-see activity.

Know the Actual Application in Use

Automatically identify over 3,000 applications for rich visibility into network sessions. Network Monitor uses deep packet inspection (DPI) to determine the true application, and can do so even when payloads are encrypted.

Capture Every Bit with Full Packet Capture

When you need to see every bit crossing your fiber, full Layer 2 through Layer 7 packet capture gives you the deepest insight possible. All captures are stored in industry standard PCAP format so your team can use existing tools and training.

Efficiently Capture Network Sessions

Record application layer (Layer 7) details and packet data for all network sessions using SmartFlow™. Get full packet visibility across weeks or months, with minimal storage requirements.

Intelligently Capture Only What You Need

It can be prohibitively expensive to perform full capture for 100% of your traffic. SmartCapture™ allows you to automatically capture sessions based on application or packet content. Use it to drastically reduce your storage requirements while delivering the network forensics data you need.

See the Hard-to-See with Deep Packet Analytics™

Continuously correlate against full packet payload and SmartFlow™ metadata using out-of-the-box rules and customizable scripts. Automate threat detection that was previously only possible via manual packet analysis.

Quickly Search Across Session Data

Perform ad hoc analysis. Drill down to critical flow and packet data quickly. With our Elasticsearch backend, you have a powerful “Google-like” search engine to streamline your forensic investigation.

Alerts & Dashboards

Perform continuous, automated analysis on saved searches to immediately detect when specific conditions are met, and then surface them through customizable analyst dashboards.

Reconstruct Files

Reconstruct email file attachments to support malware analysis and data loss monitoring.

Flexible Deployment Options

LogRhythm Global Sensor Deployment

Highly Scalable 10 Gbps Appliances

Network Monitor appliances support bandwidths of up to 10 Gbps. They can keep up as your network demands grow.

Integrate with Existing Monitoring Infrastructure

Our passive sensors will easily integrate with your existing infrastructure. Whether via SPAN port, tap, or network packet broker, your integration will be up and running in minutes.

Software Appliances for Remote Sites

Network Monitor is also available as a software-based appliance, with licensing levels starting at 10 Mbps. This cost-effective and flexible solution is a great choice for monitoring low-bandwidth remote sites.

See into Your Virtual Environment

Improve your visibility into virtual environments and cloud infrastructure by running Network Monitor as a virtual sensor for virtual switches.

Ready to See LogRhythm in Action?

See how LogRhythm’s Threat Lifecycle Management drastically reduces mean time to detect and respond to advanced cyber threats.
